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AMENDMENTS TO THE CLAIMS : 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

LISTING OF CLAIMS : 

1. (Currently Amended) A method of making instructions of an electronic portable 
object XjjP secure, which object is executing a program P supplied by a non-secure other 
electronic object XT in the form of a succession of F instructions, F thus denoting the 
number of instructions of said program P, said method using: 

- a secret-key protocol co-operating with an ephemeral secret key K; 

- a symmetrical cryptographic MAC function Mk co-operating with a hash function 
HASHi defined by a compression function Hi and a constant IVi. and with a hash function 
HASH2 defined by a compression function H2 and a constant IV2; and 

- a program identifier ID stored in the electronic object XpP and corresponding to 
hashing of P; 

sa i d m e thod be i ng charact e riz e d in that wherein said public-key protocol comprises 
the following stages: 

a) an initialization stage during which the XpP generates an ephemeral key K, then 
receives from the XT the set of programs P, the number of instructions F and its identifier ID, 
computes the hash h of said program P with the HASHi function, by using the compression 
function Hi and the constant IV1, and finally generates signatures Oj, by means of the Pk 
function and of the key K, which signatures Oi it transmits to the XT; 

b) an execution phase during which the XpP checks that h and ID are equal, also 
verifies that ID is stored in its non-volatile memory, and then requests, one after the other, 
the instructions of P so as to execute them, and, for some of them, performs a sub-stage of 
verification that consists in requesting a signature a constructed on the basis of the 
signatures Oj generated during the initialization stage and by means of the HASH2 function, 
and in verifying said signature a; 

c) a reaction stage that takes place whenever a signature a is not valid. 

2. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 1 , ch a racter i zod i n that wherein the sub-stage of verification 
in the execution stage is verification of the signature a taking place prior to execution of each 
instruction. 
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3. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 2, character i z e d in that wherein the execution stage 
comprises the following sub-stages: 

b-1 ) the XpP requests an instruction from the XT; 

b-2) the XpP requests a signature a constructed on the basis of the signatures Oi 
generated during the initialization stage and by means of the HASH2 function, and, in the 
event that said signature a is not valid, executes the reaction stage; and 

b-3) the XpP executes the instruction and returns to the sub-stage b-1 . 

4. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 1 , charact e r i z e d i n that wherein the sub-stage of verification 
in the execution stage is verification of the signature a taking place prior to execution of the 
instruction, if said instruction is an instruction that is critical for security. 

5. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 4, character i z e d i n that wherein the execution stage 
comprises the following sub-stages: 

b-1) the X|jP requests an instruction from the XT; 

b-2) if said instruction is critical for security, the XpP requests a signature a 
constructed on the basis of the signatures 0\ generated during the initialization stage and by 
means of the HASH2 function, and, in the event that said signature a is not valid, executes 
the reaction stage; and 

b-3) the XpP executes the instruction and returns to the sub-stage b-1 . 

6. (Currently Amended) A method of making an electronic portable object secure 
according to claim 1 , charact e rized in that wherein the sub-stage of verification in the 
execution stage is verification of the signature a taking place prior to execution of the 
instruction if said instruction is an instruction that is critical for security, and if at least one of 
the items of data used for said instruction is a secret item of data. 

7. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 6, characterized i n that wherein it uses a variable O 
defining the set of security levels defined at a given instant by execution of a given program 
P, and in that the execution stage comprises the following sub-stages: 

b-1 ) the XpP requests an instruction from the XT; 
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b-2) if said instruction is critical for security and if at least one of the items of data 
used by the instruction is secret, then the XpP requests a signature a constructed on the 
basis of the signatures Oj generated during the initialization stage and by means of the 
HASH2 function, and, in the event that said signature a is not valid, executes the reaction 
stage; and 

b-3) the X|jP executes the instruction, updates the security level (secret or non-secret 
data) of each of the items of data coming from the execution, and returns to the sub-stage b- 
1. 

8. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 7, charact e riz e d i n that wherein it uses a variable O 
defining the set of security levels defined at a given instant by execution of a given program 
P, in that it uses an Alert Boolean function, and in that the execution stage comprises the 
following sub-stages: 

b-1 ) the XpP requests an instruction from the XT; 

b-2) if said instruction is critical for security and if the Alert Boolean function 
determined on the basis of the security level of the data used by the instruction and by the 
nature of the instruction itself is evaluated as TRUE, then the XpP requests a signature o 
constructed on the basis of the signatures 0\ generated during the initialization stage and by 
means of the HASH2 function, and, in the event that said signature a is not valid, executes 
the reaction stage; and 

b-3) the X\}P executes the instruction, updates the security level (secret or non-secret 
data) of each of the items of data coming from the execution, and returns to the sub-stage b- 
1. 

9. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 1 , charactor i zod in that wherein it uses a HASH3 function 
defined by a compression function H3 and a constant IV3, and in that the program P is 
supplied in the form of a succession of G sections or blocks of instructions, G thus denoting 
the number of sections of said program. 

10. (Currently Amended) A method of making instructions of an electronic portable 
object according to claim 9, charactorizod i n that wherein said protocol comprises the 
following stages: 
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a) an initialization stage during which the X|jP generates an ephemeral key K, then 
receives from the XT the entire set of the program P, its number of sections G and its 
identifier ID, computes the hash h of said program P with the HASHi function, by using the 
compression function Hi and the constant IVi, and with the HASH3 function, by using the 
compression function H3 and the constant IV3, and finally generates signatures Oj, by means 
of the pk function and of the key K, which signatures Oj it transmits to the XT; 

b) an execution phase during which the XpP checks that h and ID are equal, also 
verifies that ID is stored in its non-volatile memory, and then requests, one after the other, 
the sections of P so as to execute them, and, for some of them, performs a sub-stage of 
verification that said sections comply, and then finally, for the final instruction of certain 
sections, performs a sub-stage of verification that consists in requesting a signature a, 
constructed on the basis of the signatures G\ generated during the initialization stage and by 
means of the HASH2 function, and in verifying said signature; and 

c) a reaction stage that takes place whenever a signature a is not valid or whenever 
a section does not comply. 

1 1 . (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 10, charact e riz e d in that wherein the sub-stage of 
verification that a given section complies consists in verifying that no instruction of that 
section, except possibly for the last instruction, is an instruction that is critical for security. 

12. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 1 1 . charact e r i z e d i n that wherein the sub-stage of 
verification in the execution stage is verification of the signature a taking place prior to 
execution of the final instruction of each section. 

13. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 12, charact e rized i n that wherein the execution stage 
comprises the following sub-stages: 

b-1 ) the XpP requests a section from the XT; 

b-2) for each non-final instruction of the requested section, the XpP verifies whether 
said instruction is critical, and, if it is, performs the reaction phase, and, otherwise, executes 
said instruction and goes to the next instruction; 

b-3) for the final instruction of the requested section: 
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b-31) the XpP requests a signature a constructed on the basis of the signatures cj 
generated during the initialization stage and by means of the HASH2 function, and, in the 
event that said signature a is not valid, executes the reaction stage; and 

b-32) the XyiP executes the instruction; 

b-4) the X|jP then returns to the sub-stage b-1 . 

14. (Currently Anrjended) A method of making instructions of an electronic portable 
object secure according to claim 1 1 , charact e rized i n that wherein the sub-stage of 
verification in the execution stage is verification of the signature a taking place prior to 
execution of the final instruction of each section, if said instruction is an instruction that is 
critical for security. 

15. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 14. charact e r i z e d i n that wherein the execution stage 
comprises the following sub-stages: 

b-1 ) the X|jP requests an instruction from the XT; 

b-2) for each non-final instruction of the requested section, the XpP verifies whether 
said instruction is critical, in which case it performs the reaction stage, and otherwise it 
executes said instruction and goes on to the next instruction; 

b-3) for the final instruction of the requested section: 

b-31 ) if the instruction is critical for security, the XpP requests a signature o 
constructed on the basis of the signatures Qj generated during the initialization stage and by 
means of the HASH2 function, and, in the event that said signature o is not valid, executes 
the reaction stage; and 

b-32) the XpP executes the instruction; and 

b-4) the XpP then returns to the sub-stage b-1. 

16. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 1 1 , charact e rizod i n that wherein the sub-stage of 
verification in the execution stage is verification of the signature a taking place prior to 
execution of the final instruction of each section, if said instruction is an instruction that is 
critical for security, and if at least one of the items of data used by said instruction is a secret 
item of data. 
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17. (Currently Anriended) A method of making instructions of an electronic portable 
object secure according to claim 16, charactor i z e d i n that wherein it uses a variable O 
defining the set of security levels defined at a given instant by execution of a given program, 
and in that the execution stage comprises the following sub-stages: 

b-1) the XpP requests an instruction from the XT; 

b-2) for each non-final instruction of the requested section, the XpP verifies whether 
said instruction is critical, in which case it performs the reaction stage, and otherwise it 
executes said instruction and goes on to the next instruction; 

b-3) for the final instruction of the requested section: 

b-31 ) if the instruction is critical for security, and if at least one of the items of data 
used by the instruction is secret, the XpP requests a signature a constructed on the basis of 
the signatures Oj generated during the initialization stage and by means of the HASH2 
function, and, in the event that said signature a is not valid, executes the reaction stage; and 

b-32) the XpP executes the instruction; 

b-33) the XpP updates the security level (secret data or non-secret data) of each of 
the items of data coming from the execution; and 

b-4) the X[}P then returns to the sub-stage b-1. 

18. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 16, charact e r i z e d in that wherein it uses a variable O 
defining the set of security levels defined at a given instant by execution of a given program, 
in that it uses an Alert Boolean function and in that the execution stage comprises the 
following sub-stages: 

b-1 ) the XpP requests an instruction from the XT; 

b-2) for each non-final instruction of the requested section, the XpP verifies whether 
said instruction is critical, in which case it performs the reaction stage, and othen/vise it 
executes said instruction and goes on to the next instruction; 

b-3) for the final instruction of the requested section: 

b-31) if the instruction is critical for security, and if the Alert Boolean function 
determined on the basis of the security level of the data used by the instruction and by the 
nature of the instruction itself is evaluated as being TRUE, the XpP requests a signature a 
constructed on the basis of the signatures Oj generated during the initialization stage and by 
means of the HASH2 function, and, in the event that said signature a is not valid, executes 
the reaction stage; and 

b-32) the X|jP executes the instruction; 
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b-33) the XpP updates the security level (secret data or non-secret data) of each of 
the data coming from the execution; and 

b-4) the X|jP then returns to the sub-stage b-1 . 

19. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to any ono of c l a i ms ^ to 8, or 1 1 to 18, choractor i z e d in that claim 4 
at least one of the following types of instruction are critical for security: 

the test instructions and/or 

the instructions issuing information to the outside via communications means 

and/or 

the instructions modifying the contents of the non-volatile memory and/or 
the computation instructions presenting special cases during execution of 
them, such as the launch of exceptions. 

20. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 8, or cla i m 18, charact e r i z e d in that wherein the Alert 
Boolean function is evaluated as being TRUE for at least one of the following types of 
instruction: 

the test instructions and/or 

the instructions issuing information to the outside via communications means 

and/or 

the instructions modifying the contents of the non-volatile memory and/or 
the computation instructions presenting special cases during execution of 
them, such as the launch of exceptions. 

21 . (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 8, or cla i m 18, character i z e d in that wherein the Alert 
Boolean function is evaluated as being TRUE for at least one of the following types of 
instruction, if at least one of the input items of data is secret, and as being FALSE if all of the 
items of data tested are public: 

the test instructions and/or 

the instructions issuing information to the outside via communications means 

and/or 

the instructions modifying the contents of the non-volatile memory and/or 
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the computation Instructions presenting special cases during execution of 
them, such as the launch of exceptions. 

22. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to any on e of cla i ms 7 or 8, or 17 or 18, charact e r i z e d in that claim 7 
the set of security levels <1> used during execution of a program P is indicated by the value of 
a function cp, such that, for any item of data u used by the program, (p(u)=0 designates the 
fact that u is public and (p(u)=1 designates the fact that u is private, and such that, for any 
item of data v resulting from execution of an instruction of the program P, cp(v)=1 if at least 
one of the items of input data of the instruction is private, and, otherwise <p(v)=0. 

23. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to claim 22, ch a ract e riz e d in that wherein the values of the function 
9 are computed by means of hardware implementation of a "Logic OR" function 
implemented on the values of the cp function for the input data of the instructions. 

24. (Currently Amended) A method of making instructions of an electronic portable 
object secure according to any on e of claims 1 to 23, charact e r i zed i n that claim 1 , wherein 
the hash functions HASHi, HASH2, and HASH3 are identical. 

25. (Currently Amended) An electronic object, charact e r i z e d i n that wherein it 
implements any one of cla i ms 1 to 24 claim 1 . 

26. (New) The method of claim 24 wherein said instructions contain data that can be 
executed by XT and data that cannot be executed by XT. 



